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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1 1-20- 
2008 has been entered. 

1 . Clearly the thrust/focus of the applicant's claims is that a local CA/AAA server 
is used (eg. CA Gateway) when a user is roaming. The prior art all teach similar 
concepts in that they either use parallel terminology (eg. Local/Foreign vs. Home 
networks) as well as steps involved with "who to contact" when the user is roaming. 
The designs in RFC 2977 figures clearly show that the Local and Home AAA's interact. 
Tsuda teaches multiple interconnected, separate networks each with their own AAA 
servers and Lee teaches nomadic roaming where a user's credentials are verified. 

2. The examiner also reminds the applicant that the recent landmark KSR 
ruling puts forth that simple substitution of one known element or application for 
another to a piece of prior art ready for improvement is not patentable under 35 USC 
103(a). Accordingly, the claims are viewed as a combination that only unites elements 
with no change in respective functions of those elements and said combination yields 
predictable results. Absent evidence that the modifications necessary to effect the 
combination of elements is uniquely challenging or difficult for one of ordinary skill 
the claims are also deemed unpatentable. 

It is the examiner's position that the applicant has not put forth compelling 
arguments that show how or why it would be uniquely challenging for one skilled to read 
the prior art and NOT be able to build a system which is an obvious modification. 

3. A more favorable outcome may occur if the applicant were to amend with the 
novel material as pointed out by the examiner. 
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Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

the claimed invention is directed to non-statutory subject matter. 

Claim(s) 2-3 and 24-26 is/are rejected under 35 U.S.C. 101 as not falling within 
one of the four statutory categories of invention. While the claims recite a series of 
steps or acts to be performed, a statutory "process" under 35 U.S.C 101 must (1) be 
tied to another statutory category (such as a particular apparatus), or (s) transform 
underlying subject matter (such as an article or material) to a different state or thing 
(Reference the May 15, 2008 memorandum issued by Deputy Commissioner fro Patent 
Examining Policy, John J. Love, titled "Clarification of 'Processes" under 35 U.S.C 
101"). The instant claims neither transform underlying subject matter nor positively tie 
to another statutory category that accomplishes the claimed method steps, and 
therefore do not qualify as a statutory process. 

The applicant should amend these claims to empirically recite "what device" is 
performing the method steps in order to overcome this rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 2-3, 24-26 and 32-38 rejected under 35 U.S.C. 103(a) as being 
unpatentable over RFC 2977 and further in view of Tsuda and Lee. 

As per claims 2-3, 24-26 and 32-36, RFC 2977 teaches a method comprising: 
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receiving a message from subscriber's user equipment, said message indicating 
that an address of a certificate provisioning gateway for certificate issuance and delivery 
procedure in a visited network is requested by the subscriber's user equipment (Section 
3 teaches a "Basic Model" whereby a roaming user connects to an "agent/gateway 
function" which then seeks to perform back-end operations to determine if the local or 
home domain must be contacted to verify the user. See figure 1 .), 

Obtaining, in response to receiving the a/the message, subscriber's location 
information maintaining in a mobile communication system subscriber's location/network 
information (RFC 2977 teaches the concept of Mobile IP where a user roams as well as 
home and foreign/local domains which inherently requires the "network" to keep 
track of where the mobile unit is located . Furthermore, the HLR and VLR 
components perform this same task . Also Mobile IP tracks/understands the network- 
address of which LAN segment the user is connected to.); 

the certificate provisioning gateway serving at least one certificate authority, the 
message further containing the address of the certificate provisioning gateway (figures 
1-2 show and Sections 4-5 teach requests/serving of home/foreign authority. 
Furthermore, Mobile IP inherently requires interaction between the home and foreign 
authorities to verify/authenticate a user and IP routing inherently requires the use of a 
node's exact address in order for a message to be sent to it ): 

determining, i n r e spons e to r e c ei ving the m e ssag e, on the basis of the 
subscriber's network information, an address of the certificate provisioning gateway 
(figures 1-2 and sections 4-5 discuss the interaction between home/local authorities 
when a Mobile IP user roams from one domain to another domain): 

checking whether or not the address in the message is the same as the address 
of the certificate provisioning gateway determined on the basis of the network 
information (figures 1-2 and sections 4-5 teach that the network/IP address of the 
Mobile IP user will be identified and a decision made as to contact the home domain to 
verify/authenticate the user); and 

but is silent on use of location information AND if they are not the same , using 
the address determined on the basis of the location information. 
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RFC 2977 focuses more on the underpinnings of IP and MOBILE IP where the 
user's IP address and current Network Address are used to determine the "location" of 
the user and if assistance from the Home (authority/agent) is needed. The term location 
for RFC 2977 is not a geographic position, but rather a correlation between the user's 
home IP address and their current connection to a LAN segment (eg. they are in their 
home domain/location if the network LAN Addresses match and/or they are in a foreign 
domain/location if they do not match). RFC 2977 teaches the concept of LOCAL and 
HOME AAA functions (see figure 1 where HOME is the user's home network and 
LOCAL can be a foreign/visited network based on the user's current location. The 
concepts put forth in "The basic model" (page 5 to 6) is that the Local AAA will check 
with the Home AAA as required. Hence if the user needs information and attempts to 
contact its Home AAA, the Local network will check/compare the address of the AAA 
function it is attempting to contact, hence the Local AAA will be used instead of the 
Home AAA. RFC 2977 also puts forth a connection between the Local and Home 
AAA's (see figure 2) and that data can flow between them for authentication purposes. 
Therefore, one skilled would use the "most local" authoritv/AAA server when roaming 
since it would be time-consuming to contact the Home Authoritv/AAA especially since 
RFC 2977 teaches that the Home and Local AAA's provide cross-authentication to 
verify each user when they roam into foreign networks. 

As previously put forth in earlier rejections , Tsuda teaches a network using 
Mobile IP and AAA protocols for general authentication and Accounting (eg. for a 
certificate issuance service in another network than a home network. See figure 10 
shows mobile user registering with a foreign agent in a non-home network. Abstract 
and figure 1 show a system that allows a user to be authenticated to roam to various 
networks and use services whereby AAA information is transmitted to/from a user's 
device. Also see figure 6, Step 2 and figure 10 which shows an authentication 
procedure and figure 10 shows overall procedure whereby data is sent to/from the 
mobile's AAA-H/AAA-V servers in order to authenticate said user as he roams. Figures 
10-1 1 show mobile authenticating with AAA and P#186 discusses use of certificate 
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issuance via certificate authority. Furthermore, he also teaches a Mobile IP network, 
figure 1 shows a mobile user who has roamed from a home network #1 001/#1 01 0 to a 
visited network #1002/#1010 connected via IP which inherently subnets a network into 
smaller networks and their location is known based on where the engineer has 
positioned the local access router/BTS. Lastly, the mobile network maintains user 
location in an HLR and Tsuda teaches both home and foreign networks, P#67 and 
P#71 , which inherently describes the concept of knowing where the user is (eg. 
maintaining a subscriber's location in the network) since it is either in the (one) home 
network or in any of other foreign networks -- see figure 18 which shows multiple foreign 
subnets, #1002/#1 004. Tsuda clearly shows multiple networks connected each having 
an AAA/Certificate server (figures 1-2). Hence a de-centralized AAA server design 
would inherently require the user's authentication request to be handled by the "local" 
AAA server. Figure 3 shows a connection from AAA #70 to AAA #60 on different 
networks with a "broker" in between (reads on a CA Provisioning Gateway). Also see 
figure 6 which shows that the two networks/AAA's interact, steps 101-109. 

With regard to using geographical position data to assist with network 
configuration/authentication, Lee teaches an "automated process" to enable nomadic 
roaming such that a user can request connectivity to a device whereby an agent 
determines the user has roamed into a visited network and translates the request into a 
connection to a new, similar device (Abstract). This alleviates the need for the user to 
track/determine if they have roamed into a visited network and then request a new 
device address. Furthermore, Lee puts forth multiple connected networks that use 
various services from the different networks. One skilled understands that a network 
design would either be centralized or distributed. Thusly, the AAA/Certificate servers 
would either all be at one location or spread out across the network - forcing the user to 
either always contact the central server or contact a local server. Figure 4 clearly 
shows that the user uses both voice and data services and that the network tracks the 
user across multiple networks (See Care-of-Address and various TID's). Therefore the 
use of one or multiple "certificate authorities" is viewed as a design choice. 
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It would have been obvious to one skilled in the art at the time of the invention to 
modify RFC 2977, such that it uses location information AND if they/CA's are not the 
same , using the address determined on the basis of the location information, to provide 
means for the mobile device to quickly ascertain AAA information/authentication by 
using a local AAA/CA server if/when roaming in a foreign network. 

As per claim 7, Tsuda teaches claim 6, further comprising, performing the 
authentication is an application level authentication (figure 10 shows the process by 
which the user's authentication "program" communicates with other AAA server 
programs for authentication. Also se figure 1 1 and figures 12a-d which show packet 
layout. Hence the examiner interprets Tsuda's design as the AAA process being an 
application level authentication since it "rides on top of the Mobile IP layer). 

As per claims 32-36, the combo teaches claim 28, but is silent on wherein the 
certificate provisioning gateway is configured, in response to receiving in the message 
further an address of a certificate provisioning gateway, to check whether or not the 
address which the message indicated corresponds to the address determined on the 
basis of the location information; and if they do not correspond to each other, to select 
the address determined on the basis of the location information OR to use the 
maintained location information if it does not correspond to the location information in 
the message OR to send an error indication. 

Tsuda teaches a user roaming among home/foreign networks while Kim teaches 
location determination and Lee teaches automatic updates for the user regarding 
network information as said user roams. Hence, while one skilled expects that Lee's 
teachings would always correctly correlate the address in the message to the location 
information, it is possible for it to be incorrect and thus either send an error or select 
which one is thought to be right. 

The examiner takes Official Notice that one skilled would need to decide the 
correct user's location if there is a discrepancy and/or send an error message. 
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It would have been obvious to one skilled in the art at the time of the invention to 
modify the combo, such that the address is correlated to the location, to provide means 
for determining if the address of the CA is wrong and/or if a discrepancy exists and 
which address to use. 

As per claim 37, the combo teaches claim 1, but is silent on wherein a 
certificate authority is a trusted third party. 

The examiner takes Official Notice that a certificate authority is typically 
considered a trusted third party since it is not the sender or receiver, but rather an entity 
in between which known (and trusted) by both parties. 

It would have been obvious to one skilled in the art at the time of the invention to 
modify the combo, such that a CA is a trusted third party, to provide means for the two 
parties to communicate via a third entity that is trusted by both. 

As per claim 38, the combo teaches claim 1, but is silent on wherein a 
certificate authority is a trusted third party and does not include an authorization, 
authentication and accounting server. 

The examiner takes official notice that a certificate authority is sometimes used 
in a situation where an AAA server is (or has not been) used/contacted. 

It would have been obvious to one skilled in the art at the time of the invention to 
modify the combo, such that a CA does not use the AAA, to provide means for not 
requiring need for services from an AAA server when the user has previously been 
authenticated within the roamed network(s), eg. during initial registration. 

Allowable Subject Matter 
Claims 6-9 and 13-15. 17 and 27 objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of 
the limitations of the base claim and any intervening claims. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Stephen M. D'Agosta whose telephone number is 571- 
272-7862. The examiner can normally be reached on M-F, 8am to 5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Dwayne Bost can be reached on 571-272-7023. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Stephen M. D'Agosta/ 
Primary Examiner, Art Unit 2617 



